Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: Ryan.Russell () SYBASE COM (Ryan Russell)
Date: Mon, 8 Feb 1999 10:42:48 -0800
There's a pivotal question with remote security scanners: Should they go ahead and exercise a hole to see if it's there? I've got no interest in starting a debate on this subject, but it's essentially what the issue is with the router check.

ISS seems to only be willing to try a hole if it's non-disruptive. For example, it will test for a rdist hole by attempting to create a file in /tmp. In the absence of other information (i.e. SNMP access, or logging in to do a sho ver) the only way to check for that particular router bug is to try it. As you know, the main result of that bug is crashing the router. (Presumably, there's a buffer overflow that might let code be pushed on, but I don't think that could be done reliably by an automated scanner given all the Cisco architectures it might run across.) So, I assume that ISS is trying to determine vulnerability without crashing your router.

ISS could give the advanced user the option of trying to crash the router, and then ping it to infer if it's vulnerable. That option could be appropriate in a penetration test. In an environment where one is trying to use the tool to keep on top of patch levels for internal systems, you might consider giving the IS scanner a read-only SNMP string. The latter option is certainly not terribly secure, but no less so than any other SNMP use.

Ryan